3)Also this general service/document search page needs to open up without authentication.

http://<host>:7778/cs/idcplg?IdcService=GET_DOC_PAGE

**Oracle Access Manager (OAM) basically protects URLs or definite URL parameters , it cannot go inside an end-user application and check security assigned to a resource to determine if that should be challenged for credentials.

(Example in this case is that it cannot go and check the authorization / security Group using IdcService URL for the file DEV_COMPLOG_31364)**

Hence we have only two options here -

1)Either the URL pattern /cs/groups/public can be marked as unprotected in OAM Application Domain and hence user won't be challenged when using Pattern 2 as above.

3)You can configure the IdcService url pattern to be public via OAM. (something like http://oamserver.com/cs/idcplg as url and query parameters as IdcService=GET_FILE) .But by exposing that people can still construct url of private documents if they know the dID and bypass OAM as the pattern is public. But once they reach UCM, ucm security will deny them access as they are not authenticated/have required permissions [Courtesy : Shidharth Mishra]